Field of Application
The present invention relates to the field of methods, based on the acquisition and electronic processing of biometric data, for recognizing the users of services, the use of which requires a registration and an authorisation. In particular the invention relates to a method of registering and recognizing users of POS (Point Of Sale) and ATM/Cashpoint services, as well as a method for providing such services.
The invention further relates to a recognition system which carries out the above method, as well as POS and ATM systems which comprise such recognition system.
Description of the Prior Art
In the context of the offer of services the use of which requires recognition and authorization, the need and convenience of using recognition and/or identity verification and/or authorization methods, based on the acquisition and processing of biometric data, is increasingly perceived.
In particular, such need is felt in the field of payment-related services, in the commercial context, such as POS (Point Of Sale) type services, or in the field of the services commonly offered by banks for the automatic withdrawal of cash from current accounts, such as Cashpoint/ATM (Automated Teller Machine) type services.
In the existing known POS and/or ATM systems, a card-holder (holder of a credit card or debit card) can access a service through two phases, the first of which entails the use of said card, the second of which is a confirmation of the card-holder's identity, by typing an identification numerical/alphanumerical code, such as a PIN or password. The identity confirmation (after the identity verification, i.e. “authentication”, process) provides that the recognition system first recognizes the user, through traditional card-based methods, then recalls the pre-registered identification code (PIN or password) of the recognized user, and finally compares the pre-registered identification code and the code typed in by the user.
In this framework, it is possible to envisage replacing the identification code with a biometric datum of the user.
To such purpose, numerous solutions for the verification of a user's identity based on the acquisition and processing of biometric data are known, in particular derived from the field of identity verification for security purposes (for example, to permit or not entrance to restricted access areas, or to access or not to confidential information in an IT system).
Such known solutions referred to are various, both as regards the biometric datum that is used (for example, fingerprint, or eye iris or electrocardiographic or respiratory frequency/pattern, or frequency/typing pressure on a keyboard) and as regards the algorithms that are employed for performing comparison and recognition (typically, analytical pattern-matching algorithms).
A first problem which arises, if one wished to apply such prior solutions for the identity verification in the context of POS/ATM, is that of implementing acquisition procedures that are sufficiently quick, simple and user-friendly, such as to prove attractive for the user. This requirement, by itself, excludes a large part of the aforementioned known solutions.
A second problem, even more hindering with respect to the needs felt in the context of POS/ATM services, is the fact that the aforementioned solutions relate to the function of identity verification or authentication, in the sense explained above, but do not however satisfy the need to “recognize” the user. In fact, for a “recognition service” the user must be identified without first having to introduce a presentation of him/herself, e.g., by inserting a credit or debit card. The demand for a recognition service is perceived as very important, for POS/ATM services, having the basic objective to even avoid the need to use a card.
The solutions focused on identity verification, known to the state of the art and described above, are absolutely unable to satisfy such demand.
It should be noted, in fact, that an identity verification service entails a mere “one-to.one” comparison between biometric data acquired from the user and biometric data previously registered by the same user.
On the contrary, a recognition service entails a “one-to-many” comparison between biometric data acquired from the user and a plurality of previously registered biometric data, belonging to all the users registered for a given service. Such plurality may be very numerous: in the context of POS/ATM services, the number of registered users (for example, clients of a bank) is typically hundreds of thousands or even millions of people.
Such quantitative data gives an idea of how much difference there is between the requirements to be met by a biometric method for verifying identity and by a biometric method for recognition, and allow to clearly understand the reason for which the solutions developed for the former are absolutely inapplicable to the latter.
The most critical problem that arises regards the duration of the recognition process, which requires a huge number of comparisons, instead of just one, before coming up with the result, so that the idea of simply repetitively perform the biometric methods for identity verification (such as those mentioned above) a number of times in sequence, as a recognition method, is unfeasible.
Faced with this problem, no feasible solutions can be found even resorting to prior solutions in other fields, such as solutions based on the acquisition of digital fingerprints of a person to be recognized and on the scanning of a database of digital fingerprints to find a matching. Such solutions, used for example for legal investigations, entail a recognition process duration which is longer, by several orders of magnitude, compared to the recognition process duration required for POS/ATM services, which is acceptable if it last, at most, few seconds.
Moreover, the aforementioned solutions do not always ensure a sufficient degree of recognition reliability for POS/ATM applications.
It is to be noted in fact that POS/ATM services, being related to payments or money transactions, require a very high degree of reliable recognition, comparable to that offered by the current solutions using cards with PIN/password confirmation. This is a urgent requisite for the providers of such services, such as banks.
The objective of eliminating PIN/password and the card, while maintaining a level of recognition reliability sufficient for such applications and relying on biometric data, is a technical challenge which has not yet been resolved.
With regard to the requirement of reliability, it is important to note that current POS/ATM terminal, as already observed, actually performs recognition by means of a PIN/password, which are identification codes that can be defined definable as “exact”, since they can be regenerated in an identical, deterministic manner, at every recognition event.
Conversely, biometric data are identification codes that can be defined as “non-exact”, because in this case there cannot be a deterministic and absolute identity between the recorded data and the data acquired during the recognition phase. One might use the analogy of a photograph: the photographs of a person are always different from each other, despite referring to the same person.
The fact of obtaining reliable recognition results, approaching those obtainable from exact identification codes, but using non-exact identification codes is a technical objective not currently achievable by the prior art.
The requirements of reliability and speed, imposed by a recognition method for POS/ATM services, are not resolved even by solutions recently proposed to make the acquisition of biometric data easy and quick, such as the solutions based on the acquisition of images of the user's hand palm.
For example, the patent application US 2012/0057763 illustrates a system of such type, using deterministic algorithms (SITF, convolution processes) to extract a plurality of biometric characteristics from the acquired image. The considered is an identity verification, wherein the single “one-to-one” comparison that is required is performed by means of a plurality of single comparisons.
The patent application US 2010/0045788 illustrates a further system of such type, to using analytical algorithms (such as the Kong algorithm based on Gabor filters) so as to express an approximate “pattern similarity” evaluation, for example by means of a function “distance”. Such system too makes comparisons of a plurality of biometric characteristics, derived from several images (images of the palm and images of the vein pattern, which must both be acquired), in order to achieve acceptable degrees of reliability.
In general, systems of the aforementioned known type use analytical algorithms (for example representing by means of equations the hand surfaces and detecting characteristic points on the hand surface) which try to approximate as a number, such as a “distance”, a “degree of similarity” to perform an identity comparison check. Consequently, in order to achieve an degree of reliability acceptable for the task of identity verification, they are compelled to make several comparisons, on a plurality of biometric characteristics, for each single “matching” comparison.
This entails an increase of the quantity of data to be stored for acquired each image, and an increase of the number of basic comparisons needed for each single identity check.
For these reasons, even should it prove possible to apply such systems in the context of a “one-to-many” recognition service (in the sense illustrated above), such solutions are not applicable (moreover, it is not even conceivable to apply them) in the context of services which require the recognition of a user among thousands, or hundreds of thousands, or even millions of users, such as that considered by the present invention.
In brief, it can be asserted that a biometric recognition method such as to meet the requirements of an application in the context of POS/ATM must have several characteristics: a simple and fast acquisition of the biometric datum; a processing speed such as to enable very quick recognition; a high degree of accuracy and reliability of such recognition.
None of the solutions of the prior art mentioned above is able to simultaneously satisfy all such aforementioned requirements, nor to offer a performance trade-off which is close to what is required.
Therefore, the scope of the present invention is to devise and make available an improved method of registration and quick recognition of a user, which is able to satisfy the aforementioned requirements and to overcome the drawbacks described above with reference to the prior art. It is also a scope of the present invention to devise and make available a method of providing a service, using the aforementioned method of recognition, which proves to be particularly efficient. The achievement of the aforementioned scope further allows the achievement of the further scopes to devise and make available a system for a quick recognition of a user and to provide POS and ATM services, in turn improved in such a way as to satisfy the aforementioned requirements, overcoming the drawbacks related to the mentioned prior art.